Thoughts: Internet of Things

Much of the IoT hype is really just the final arrival of the promised connected devices – something that was being touted as imminent while I was at Wind River, but which really needed Wi-Fi and Bluetooth to come of age first. Today, connected devices are everywhere. Even cars are connected.

Now we live in a world where devices can be connected to a home or office network without requiring cabling. And we can wear lightweight devices that can take advantage of the more powerful computer in our pockets (aka a smartphone) for Internet connectivity using just low power Bluetooth connections. In some cases, even permanent devices, like smart door locks, can be battery-powered and use Bluetooth to connect to a local "bridge" device.

In addition to that always on connectivity, these devices needed simpler controls. Whether touch screens that can adapt, or, more recently, voice control, without more natural controls, many IoT devices would be too complex.

Finally, the arrival of meaningful AI is helping make many of these devices at least seem smarter, and be easier to interact with. Often with natural language, or by having the device simply observe & learn.


Nest's thermostats are a great example of this. My home is relatively new, but the thermostats we had did not require an internet connection, and had an abysmal user interface for programming them. Nest's use of Wi-Fi for connectivity, an incredibly simple user interface and the AI that allows it to learn your schedule makes them viable. Had they required Ethernet connections, or complex schedule setup, it would have been hard for them to reach as many customers as they have.

Amazon's Alexa

When Apple launched its virtual assistant, Siri, the idea of talking to your phone (rather than talking to another human using your phone) became real. Siri might not be great at everything (and s/he has problems understanding me most of the time), but there's no doubt it kickstarted the idea of a digital assistant with voice interface.

Alexa, Amazon's virtual assistant, arrived in our house via an Echo speaker. Unlike Siri, Alexa lived at home, in one room. She was tethered to the wall for power. Initially, she was limited in her abilities, but now she is replete with skills for almost anything. Most impressive, at least to my kids, is her ability to turn lights on & off or play whatever music they ask for. She can also talk to the Nest thermostats, and our smart lock. Oh, and order stuff from Amazon, track orders for me, access my calendar and add items to various lists. Better still, she understands me most of the time. And my wife & kids too. Alexa has become a part of our house now, and with it the expectation that things can be controlled with voice commands. Our kids think nothing of talking to her when they want a light turned on, or their music played. It is totally natural to them.

Smart Watches

I'll admit, when I backed the first Pebble watch project on Kickstarter, I wasn't really sure I would need such a device. It certainly wasn't the most attractive watch I'd ever seen (to be honest, it looked more like a kids watch), but I love technology, and especially connected technology. Ever since my days writing embedded OS code at Wind River, I have been a firm believer that connecting devices is the future. A watch, connected to my iPhone, and from there to the internet seemed like it might be useful.

Fast forward to today, and I have owned three Pebbles and now an Apple Watch. The device I bought (or backed) on a whim is now something I consider to be one of my most important connected devices. And I don't run lots of apps on my watch. I don't need to. The killer app for me with the smart watch is simple: it tells me with a simple glance at my wrist why my phone just buzzed (buzzed because it is now permanently in silent mode). There are apps that are useful, like the one to control the Nest remotely, or the smart light controls, but the messaging alone would make it worthwhile for me.

The Challenges for IoT

The biggest challenge for IoT devices that I see is simply convincing people to try them. Early adopters are easy; we will take a chance on devices just to see how they work. The mass market is harder. They may not see them benefits they could gain from a smart watch. My wife swore she didn't want a watch that connected to her phone; until her office gave her a fitness tracker that did it. Now she understands why messages on your wrist is useful.

The same with Alexa and smart home devices. Our Insteon system requires some investment, but there are increasingly options to simply replace bulbs with smart bulbs, or plug-in modules that can switch appliances on or off without any electrical experience. I love being able to ask Alexa to turn on or off a light for me when my hands are full; my wife just classified it as laziness. (She felt similarly about my Roombas, and Instacart.)

For me, the advantages of automation are obvious. Target had a smart home concept demonstration showroom in the San Francisco Metreon a while back. In there they had set up some home automation sequences that made total sense to me. Things like a Nest smoke detector reporting smoke, leading to the toaster's outlet being shut off automatically. Or, a leak detector being able to shut off the water. Or, a simple button on the wall in the baby's room being able to dim the lights, play lullaby music and enable a baby monitor that can alert via a phone (or watch). Alexa can even replace that button. Just ask her to set the baby's room up for sleeping. This is not science fiction either; all of the technology to do this is there today.

Industrial AI

An ad I saw recently tried to highlight something else that connected devices allow. In the case of the ad, an elevator repairman turned up at a building to fix an elevator that wasn't broken. Not by mistake; because the telemetry from the elevator system had been interpreted by an AI system in the cloud as an indication of an impending failure. He was there to fix it before it broke.

That technology can easily be applied to cars, home appliances and much, much more. Once they are connected, systems in the cloud can ingest vast amounts of telemetry data and look for anomalies, or patterns they've seen before that led to failures.

Security & Privacy

One of the concerns most often cited against all these IoT devices is that the data they generate, and in some cases even the words we speak, are being uploaded into the cloud and we have no control over what happens to them once they are there.

In some cases, such as Nest acquiring data about how warm or cool my house is, for example, seems pretty low risk. Information about whether I am at home or not (which the Nest can also determine) might be higher risk. For some people, the conversations they have with assistants like Alexa, or the information that she can access, such as who I am meeting with from my calendar, could be far more serious. Or my car potentially reporting on my driving habits (perhaps affecting my warranty or my insurance prices). Or my phone reporting where I am all the time.

Of course, all of those risks exist without IoT devices too. We have had microphones in our houses for many decades at this point (telephones), and in our pockets for two decades. In many ways that telephone is far more risky than Alexa. We trust that the phone company doesn’t listen in to our calls, but, as recent revelations about government data collection revealed, even without the conversations, they know who we called, when we called them, and how often we called them.

Clearly, there are risks both to privacy and to physical security (especially if things like smart locks can be operated by voice commands). Users of these devices need to consider who might be listening to the questions they ask, how much they trust the vendor of a given device with the data that device could be collecting, and whether the device vendor has considered the security of their system. Those concerns existed before IoT devices as well though; ISPs and services like Google can see what you search for, and/or the websites you visit. Services like Facebook & LinkedIn know a lot about your personal and professional life. Analog telephones can be tapped (and perhaps even made to enable the mic while on the hook). Garage remotes could be recorded & replayed, allowing a thief to open your garage door after you left for work. Remote control car locks have also been hacked to allow thieves to break into and steal cars. All of that before IoT.

In theory, IoT systems can help reduce some of those attacks. Cameras that automatically record break-ins, triggered by motion, or smart doorbell systems that trick a would-be thief into thinking somebody is home. Geo-tracking systems that make it easy to locate a lost or stolen device (or even a car). All of these are possible because of a connection to the cloud. Smart homes can monitor and report activities, such as garage doors opening or other sensors being triggered. A phone reporting location can help reduce incidences of credit card fraud, or avoid false positives, by confirming the location of the user relative to the location their card is being used.


Ironically, the biggest security risk with IoT devices might not be directly to the owner of the devices. The criminals with the sophistication to attack these systems probably don’t want to break into the average person’s house or listen to their conversations. But IoT devices are being targeted to host bots that can be used for nefarious things. That may be massive scale denial of service attacks, sending phishing emails or acting as tunnels into an otherwise protected network. Many of these devices are plugged into networks and then left alone. Even if software updates are available, many IoT type devices never receive them.

Once again, IoT technologies may help defend against these attacks as well as being a vector for them. AI based intrusion detection systems can warn when they detect unusual behavior, or even autonomously take action to isolate a device that appears to be behaving badly. They can also monitor vendor support sites and notify users when updates are available, or when new vulnerabilities are reported for a device in their network.

Leave a Reply

Your email address will not be published.